Commit f175221a authored by John Johansen's avatar John Johansen
Browse files

apparmor: rename tctx to ctx 



now that cred_ctx has been removed we can rename task_ctxs from tctx
without causing confusion.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent d9087c49

security/apparmor/context.c

+12 −13
Original line number Diff line number Diff line
@@ -156,8 +156,7 @@ int aa_set_current_onexec(struct aa_label *label, bool stack) 
 */

int aa_set_current_hat(struct aa_label *label, u64 token)

{

	struct aa_task_ctx *tctx = current_task_ctx();

	struct aa_cred_ctx *ctx;

	struct aa_task_ctx *ctx = current_task_ctx();

	struct cred *new;



	new = prepare_creds();
@@ -165,11 +164,11 @@ int aa_set_current_hat(struct aa_label *label, u64 token) 
		return -ENOMEM;

	AA_BUG(!label);



	if (!tctx->previous) {

	if (!ctx->previous) {

		/* transfer refcount */

		tctx->previous = cred_label(new);

		tctx->token = token;

	} else if (tctx->token == token) {

		ctx->previous = cred_label(new);

		ctx->token = token;

	} else if (ctx->token == token) {

		aa_put_label(cred_label(new));

	} else {

		/* previous_profile && ctx->token != token */
@@ -179,8 +178,8 @@ int aa_set_current_hat(struct aa_label *label, u64 token) 


	cred_label(new) = aa_get_newest_label(label);

	/* clear exec on switching context */

	aa_put_label(tctx->onexec);

	tctx->onexec = NULL;

	aa_put_label(ctx->onexec);

	ctx->onexec = NULL;



	commit_creds(new);

	return 0;
@@ -197,13 +196,13 @@ int aa_set_current_hat(struct aa_label *label, u64 token) 
 */

int aa_restore_previous_label(u64 token)

{

	struct aa_task_ctx *tctx = current_task_ctx();

	struct aa_task_ctx *ctx = current_task_ctx();

	struct cred *new;



	if (tctx->token != token)

	if (ctx->token != token)

		return -EACCES;

	/* ignore restores when there is no saved label */

	if (!tctx->previous)

	if (!ctx->previous)

		return 0;



	new = prepare_creds();
@@ -211,10 +210,10 @@ int aa_restore_previous_label(u64 token) 
		return -ENOMEM;



	aa_put_label(cred_label(new));

	cred_label(new) = aa_get_newest_label(tctx->previous);

	cred_label(new) = aa_get_newest_label(ctx->previous);

	AA_BUG(!cred_label(new));

	/* clear exec && prev information when restoring to previous context */

	aa_clear_task_ctx_trans(tctx);

	aa_clear_task_ctx_trans(ctx);



	commit_creds(new);

security/apparmor/domain.c

+8 −8
Original line number Diff line number Diff line
@@ -779,7 +779,7 @@ static struct aa_label *handle_onexec(struct aa_label *label, 
 */

int apparmor_bprm_set_creds(struct linux_binprm *bprm)

{

	struct aa_task_ctx *tctx;

	struct aa_task_ctx *ctx;

	struct aa_label *label, *new = NULL;

	struct aa_profile *profile;

	char *buffer = NULL;
@@ -794,17 +794,17 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm) 
	if (bprm->called_set_creds)

		return 0;



	tctx = current_task_ctx();

	ctx = current_task_ctx();

	AA_BUG(!cred_label(bprm->cred));

	AA_BUG(!tctx);

	AA_BUG(!ctx);



	label = aa_get_newest_label(cred_label(bprm->cred));



	/* buffer freed below, name is pointer into buffer */

	get_buffers(buffer);

	/* Test for onexec first as onexec override other x transitions. */

	if (tctx->onexec)

		new = handle_onexec(label, tctx->onexec, tctx->token,

	if (ctx->onexec)

		new = handle_onexec(label, ctx->onexec, ctx->token,

				    bprm, buffer, &cond, &unsafe);

	else

		new = fn_label_build(label, profile, GFP_ATOMIC,
@@ -1047,7 +1047,7 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[], 
int aa_change_hat(const char *hats[], int count, u64 token, int flags)

{

	const struct cred *cred;

	struct aa_task_ctx *tctx;

	struct aa_task_ctx *ctx;

	struct aa_label *label, *previous, *new = NULL, *target = NULL;

	struct aa_profile *profile;

	struct aa_perms perms = {};
@@ -1067,9 +1067,9 @@ int aa_change_hat(const char *hats[], int count, u64 token, int flags) 


	/* released below */

	cred = get_current_cred();

	tctx = current_task_ctx();

	ctx = current_task_ctx();

	label = aa_get_newest_cred_label(cred);

	previous = aa_get_newest_label(tctx->previous);

	previous = aa_get_newest_label(ctx->previous);



	if (unconfined(label)) {

		info = "unconfined can not change_hat";

security/apparmor/lsm.c

+9 −9
Original line number Diff line number Diff line
@@ -582,15 +582,15 @@ static int apparmor_getprocattr(struct task_struct *task, char *name, 
	int error = -ENOENT;

	/* released below */

	const struct cred *cred = get_task_cred(task);

	struct aa_task_ctx *tctx = current_task_ctx();

	struct aa_task_ctx *ctx = current_task_ctx();

	struct aa_label *label = NULL;



	if (strcmp(name, "current") == 0)

		label = aa_get_newest_label(cred_label(cred));

	else if (strcmp(name, "prev") == 0  && tctx->previous)

		label = aa_get_newest_label(tctx->previous);

	else if (strcmp(name, "exec") == 0 && tctx->onexec)

		label = aa_get_newest_label(tctx->onexec);

	else if (strcmp(name, "prev") == 0  && ctx->previous)

		label = aa_get_newest_label(ctx->previous);

	else if (strcmp(name, "exec") == 0 && ctx->onexec)

		label = aa_get_newest_label(ctx->onexec);

	else

		error = -EINVAL;
@@ -1033,14 +1033,14 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) 
static int __init set_init_ctx(void)

{

	struct cred *cred = (struct cred *)current->real_cred;

	struct aa_task_ctx *tctx;

	struct aa_task_ctx *ctx;



	tctx = aa_alloc_task_ctx(GFP_KERNEL);

	if (!tctx)

	ctx = aa_alloc_task_ctx(GFP_KERNEL);

	if (!ctx)

		return -ENOMEM;



	cred_label(cred) = aa_get_label(ns_unconfined(root_ns));

	task_ctx(current) = tctx;

	task_ctx(current) = ctx;



	return 0;

}